Description and requirements
Job Description – SOC Analyst (Incident Response & Threat Operations)
Position Summary
The SOC Analyst is responsible for end-to-end investigation, response, and management
of cybersecurity incidents across the enterprise. This role combines deep technical
incident handling, threat analysis, and proactive threat hunting with operational
leadership, cross-functional coordination, and continuous improvement of SOC
capabilities. The analyst plays a critical role in protecting the organization’s global
environment by identifying threats, containing incidents, and strengthening the overall
security posture.
Key Responsibilities
Incident Investigation & Response
· Perform in-depth investigation of security incidents involving endpoints, servers,
networks, cloud platforms, and applications
· Assess risk, scope, root cause, and business impact of security events and
confirmed incidents
· Lead containment, eradication, and recovery actions for malware infections,
phishing attacks, ransomware activity, data exposure events, and malicious network
communications
· Act as a technical escalation point during high-severity and complex cyber
incidents, providing expert guidance and decision-making
· Manage the full incident lifecycle using XSOAR platforms, ensuring incidents are
handled efficiently from detection through closure
Threat Analysis & Hunting
· Conduct proactive threat hunting to identify stealthy threats, anomalous behavior,
and attacker techniques not detected by automated controls
· Perform daily threat analysis activities including:
o New, aged, and dropped domain analysis
o Malicious IP, URL, and file hash validation
· Leverage internal telemetry and external threat intelligence sources to enrich
investigations and improve detection accuracy
Security Monitoring & Tooling
· Analyze and correlate logs and alerts from SIEM, EDR, Firewall, Proxy, Email
Security, Database Security, and Cloud Security platforms
· Support and enhance detection logic, correlation rules, and automated response
playbooks within SIEM and XSOAR platforms
· Partner with security engineering and response teams to integrate new security
technologies and improve existing controls
Collaboration & Leadership
· Coordinate incident response activities with regional IT Security, Infrastructure,
Engineering, Legal, Privacy, and Business teams
· Provide mentorship, technical guidance, and on-the-job coaching to junior analysts
during investigations and active incidents
· Collaborate with response engineering teams on remediation strategies,
architectural improvements, and long-term risk reduction initiatives
Continuous Improvement
· Identify gaps in monitoring, detection, and response processes and drive
continuous improvement initiatives across SOC operations
· Contribute to the development and refinement of incident response procedures,
playbooks, and standard operating procedures
· Participate in post-incident reviews to ensure lessons learned are documented and
corrective actions are tracked to completion
Reporting & Governance Requirements
· Maintain accurate and timely documentation of all incidents, investigations, and
response actions within the XSOAR platform
· Produce daily and weekly operational reports covering incident volumes, severity
trends, response timelines, and notable threats
· Prepare detailed incident reports and root cause analyses for high-severity
incidents, including impact assessment and remediation status
· Deliver executive-ready incident briefings and post-incident summaries for senior
leadership and stakeholders
· Track and report on SOC KPIs and SLAs such as mean time to response (MTTR),
mean time to contain (MTTC), and incident closure rates
· Ensure all activities align with internal security policies, regulatory requirements,
and audit expectations
Education
· IT Graduate or Engineering degree (BTech, MCA, MSc Computers or equivalent)
Experience
· 6–10 years of total experience in SOC operations, Incident Response, Threat
Hunting, or Security Engineering
· Strong hands-on experience with enterprise-scale environments and global incident
response
· Proven experience working with SIEM, XSOAR, and EDR platforms such as Splunk,
QRadar, CrowdStrike, XSIAM, or equivalent
Technical Skills
· Strong understanding of network, endpoint, application, cloud, and data security
concepts
· Experience handling incidents in large, distributed, and regulated environments
· Proficiency with incident management frameworks, response playbooks, and
XSOAR Incident Management
· Intermediate to advanced knowledge of malware analysis, phishing campaigns, and
attacker tactics, techniques, and procedures (TTPs)
· Ability to design and assess layered security controls across the enterprise
Certifications (Preferred)
· CISSP, GCIA, GCIH, or equivalent industry certifications
Behavioral & Leadership Skills
· Strong analytical, problem-solving, and decision-making capabilities
· Excellent communication skills with the ability to translate technical issues into
business impact
· Demonstrated leadership during crisis situations and major security incidents
· Ability to work effectively across time zones and with global teams
· Strategic mindset combined with hands-on technical execution
Recognized on Fortune magazine's list of the "World's Most Admired Companies" and Fortune World’s 25 Best Workplaces™, MetLife, through its subsidiaries and affiliates, is one of the world’s leading financial services companies; providing insurance, annuities, employee benefits and asset management to individual and institutional customers. With operations in more than 40 markets, we hold leading positions in the United States, Latin America, Asia, Europe, and the Middle East.
Our purpose is simple - to help our colleagues, customers, communities, and the world at large create a more confident future. United by purpose and guided by our core values - Win Together, Do the Right Thing, Deliver Impact Over Activity, and Think Ahead - we’re inspired to transform the next century in financial services. At MetLife, it’s #AllTogetherPossible. Join us!